The FBI’s Internet Crime Complaint Center (IC3) has issued a Public Service Announcement warning of “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.”
The business email compromise (BEC), formerly known as the man-in-the-email scam, relates to fraudulent wire transfer payments sent to foreign banks.
Victims, who are usually US citizens, are unwittingly recruited as “money mules” as part of other scams. They receive money in their bank accounts and are then directed “to quickly transfer the funds using wire transfer services or another bank account, usually outside the US. Upon direction, mules may sometimes open business accounts for fake corporations both of which may be incorporated in the true name of the mule.”
The scam’s tactics are hardly new, but its success has been impressive: between October 2013 and December 2014, the IC3 received complaint data relating to victims from every US state and in 45 countries:
Total US victims: 1,198
Total US losses: $179,755,367.08
Total non-US victims: 928
Total non-US losses: $35,217,136.22
The FBI doesn’t know how victims are selected, but it does know that “the subjects monitor and study their selected victims prior to initiating the BEC scam. The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” emails requesting additional details of the business or individual being targeted (name, travel dates, etc.). Some victims reported being a victim of various Scareware or Ransomware cyber intrusions, immediately preceding a BEC scam request.”
US organizations that want to ensure they don’t fall victim to this scam need to ensure that their staff are aware of security risks such as phishing attacks.